I apologize for being a complete moron, but I have spent 3 days on this and it still doesn't work.
I set up a Sun ONE Directory Server 5.2. It has one user, Troy, and is running on my Solaris 10 machine. Using Telnet, Troy can log in just fine and be authenticated. Additionally, from my other Solaris machine, Troy can log in just fine. Setting up the LDAP client in Solaris was fairly easy.
On my RH 4 AS machine, I have two users locally, root and sqa. I want Troy to be able to log in using LDAP authentication, but when I try to log in from the Linux machine, I get nowhere. The login dialog just gives me an error message saying the user or password is invalid. If I try to log in as sqa now, I get "authentication failed", which means that only root can log on to the Linux machine. The /var/log/messages contains:
9:27:43 redhat4asclean gdm(pam_unix)[2905]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Aug 23 09:27:43 redhat4asclean gdm-binary[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:27:46 redhat4asclean gdm-binary[2905]: Couldn't authenticate user
Aug 23 09:27:56 redhat4asclean gdm(pam_unix)[2905]: check pass; user unknown
Aug 23 09:27:56 redhat4asclean gdm(pam_unix)[2905]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Aug 23 09:27:56 redhat4asclean gdm-binary[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:28:00 redhat4asclean gdm-binary[2905]: Couldn't authenticate user
Aug 23 09:28:06 redhat4asclean gdm[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:28:06 redhat4asclean gdm[2905]: Couldn't set acct. mgmt for sqa
Aug 23 09:28:13 redhat4asclean gdm(pam_unix)[2905]: session opened for user root by (uid=0)
Aug 23 09:28:14 redhat4asclean gconfd (root-3113): starting (version 2.8.1), pid 3113 user 'root'
The first one, "no such object," is Troy (he exists in Sun ONE DS only). The second one is sqa (he is a local Linux machine user). The one that finally works is root.
I have modified many .conf files, to no avail! Is there some basic setting that I just don't have set properly? Here are the contents of other files:
/etc/ldap.conf is trying to bind to the LDAP server with name of the default Sun user. Was I supposed to use that proxy agent guy instead? I'm confused here:
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Directory Manager,dc=mydomain,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw thepassword
What is this for?:
# Filter to AND with uid=%s
pam_filter objectclass=posixAccount
I am using "crypt" in Solaris for the unix authentication. Am I supposed to uncomment this line:
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
As is obvious, I am incredibly confused by all the different user and binding and such (There is Directory Manager in Sun, and some posixAccount user, whose purpose I have no idea about). Hopefully, someone can help me here! Thanks in advance for any help!
Erikka
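
An added example, not part of the original post: a small Python check that reads the pam_ldap settings quoted above and a subset of the gdm log lines, then reports which DN the client binds as, whether a bind password sits in the client file, and which attempts failed at the LDAP bind step. The sample text is copied from the post; the function names are hypothetical.

```python
import re

# Sample input copied from the post above (config excerpt and a subset of the log).
LDAP_CONF = """\
# The distinguished name to bind to the server with.
binddn cn=Directory Manager,dc=mydomain,dc=com
bindpw thepassword
# Filter to AND with uid=%s
pam_filter objectclass=posixAccount
#pam_password crypt
"""

LOG = """\
Aug 23 09:27:43 redhat4asclean gdm-binary[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:27:46 redhat4asclean gdm-binary[2905]: Couldn't authenticate user
Aug 23 09:28:06 redhat4asclean gdm[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:28:06 redhat4asclean gdm[2905]: Couldn't set acct. mgmt for sqa
Aug 23 09:28:13 redhat4asclean gdm(pam_unix)[2905]: session opened for user root by (uid=0)
"""

def parse_ldap_conf(text):
    """Return active 'keyword value' settings; commented lines are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword and value may be split by spaces or tabs
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def audit(settings):
    """List findings a reviewer would raise about the client's bind identity."""
    findings = []
    binddn = settings.get("binddn", "")
    if not binddn:
        findings.append("no binddn: client binds anonymously")
    elif "directory manager" in binddn.lower():
        findings.append("binddn is the Directory Manager account: " + binddn)
    if "bindpw" in settings:
        findings.append("bindpw stored in cleartext in the client config")
    return findings

BIND_ERR = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ ([^\[]+)\[\d+\]: pam_ldap: error trying to bind \((.+)\)$")

def bind_failures(log):
    """Return (timestamp, process, ldap_error) for each failed pam_ldap bind."""
    return [m.groups() for m in map(BIND_ERR.match, log.splitlines()) if m]
```
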